Re: Design principles
From: Marcus Brinkmann
Subject: Re: Design principles
Date: Mon, 15 Jan 2007 19:53:37 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Mon, 15 Jan 2007 12:27:39 -0500,
"Jonathan S. Shapiro" <address@hidden> wrote:
>
> On Mon, 2007-01-15 at 18:26 +0100, Marcus Brinkmann wrote:
>
> > Well, in this case I have the upper hand in the discussion, because we
> > definitely have exciting and convincing evidence that mutually
> > suspicious collaboration can and will happen in transparent computer
> > systems. As a primary example, I cite Wikipedia, which has strong
> > security without opaqueness. (If you want an example at the operating
> > system level, I cite the Incompatible Timesharing System, ITS,
> > although that is less convincing because it comes from a time where
> > the computing environment was quite different. Still the similarities
> > to Wikipedia's security mechanisms are all too obvious, so it has to
> > be mentioned).
>
> An interesting assertion. What are Wikipedia's security mechanisms?

Mmh. It's actually more interesting that you have to ask. There is
enough material to go into a longer essay, but I will give a quick
overview. I will not always state what the outcome is (i.e., which
aspects of a possible security policy are achieved), only the actual
mechanisms. I am not claiming this to be an exhaustive list; it's
mostly what comes to mind immediately.

1) Transparency: The data and the software to process it are available
   to everyone for download. This protects against the weak link,
   which is the host providing the resources.

2) Abundance of resources: A denial-of-service attack is unlikely
   because the rate of input is lower than the rate of resource
   expansion. This is actually true for both hardware resources and
   soft resources like editing improper material etc.

3) Monitoring: All users can monitor changes made by other users.

4) Accountability: All changes are tracked by username and/or IP
   address.

5) Versioning: Changes are non-destructive; old versions of modified
   data are retained.

6) Recoverability: Restoration of old versions is possible.

7) Durability: The resources are not at the peril of participating
   users. (See also point 1).

8) Community: Participants engage in a community with strong social
   bounds, which builds up peer pressure for compliance.

9) Retaliation: IP addresses can be blocked temporarily to protect
   against ongoing abuses.

Wikipedia is also experimenting with other mechanisms, for example:

10) Multiple Views: "Stable versions" can be declared which are the
    default view; alternate views are available to everyone at their
    liking. (This has also been used elsewhere before, for example in
    the slashdot.org comment rating system).

Thanks,
Marcus
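
A sketch of mechanisms 3, 4, 5, 6 and 9 from the list above, added here as an illustration; it is not part of the original message and is not Wikipedia's or MediaWiki's code. The `Page` and `Revision` classes, the sample authors and the timestamps are all constructed for the example.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Revision:
    rev_id: int
    author: str   # username or IP address (mechanism 4, accountability)
    text: str
    note: str

@dataclass
class Page:
    history: list = field(default_factory=list)        # append-only (mechanism 5)
    blocked_until: dict = field(default_factory=dict)  # author -> expiry (mechanism 9)

    def current(self):
        return self.history[-1].text if self.history else ""

    def edit(self, author, text, note="", now=None):
        now = time.time() if now is None else now
        if self.blocked_until.get(author, 0) > now:
            raise PermissionError(f"{author} is temporarily blocked")
        rev = Revision(len(self.history), author, text, note)
        self.history.append(rev)   # nothing is ever overwritten or deleted
        return rev

    def recent_changes(self):
        # Mechanism 3: every user can see who changed what.
        return [(r.rev_id, r.author, r.note) for r in self.history]

    def revert_to(self, rev_id, author, now=None):
        # Mechanism 6: a restore is itself a new, attributed revision,
        # so the abusive edit stays in the record for later review.
        return self.edit(author, self.history[rev_id].text, f"revert to r{rev_id}", now)

    def block(self, author, seconds, now=None):
        now = time.time() if now is None else now
        self.blocked_until[author] = now + seconds   # temporary, expires by itself

def demo():
    # Constructed scenario: an anonymous edit is reverted and its source blocked.
    page = Page()
    page.edit("alice", "ITS was a timesharing system.", "create", now=0)
    page.edit("203.0.113.7", "spam", "", now=10)
    page.revert_to(0, "bob", now=20)
    page.block("203.0.113.7", 3600, now=20)
    try:
        page.edit("203.0.113.7", "spam again", now=30)
        blocked = False
    except PermissionError:
        blocked = True
    page.edit("203.0.113.7", "ITS ran on the PDP-10.", "after block expired", now=4000)
    return page, blocked
```
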